Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 6.4.9, 7.0.0-OD-02
Affects Version/s: 6.4.2
Component/s: None
Labels:

Introduced in Version:
6.04
CVSS Score:
5
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

A third party scan found that the ConvertIssue.jspa action is vulnerable to content spoofing, in specific text injection. In this case the content spoofing may be used to perform a phishing attack on users.

How to reproduce:
https://jira.atlassian.com/secure/AddPortalPage!default.jspa?clonePageId=543%22You%20are%20seeing%20this%20error%20due%20to%20unauthenitcated/malicious%20activity%20from%20this%20account.%20To%20proceed%20please%20contact%20a%20Customer%20Service%20agent%20at(800)%20555-5555%20or%20email%20us%20at%20%22stealyourid@example.com&atl_token=ARL5-JM5F-FL1H-5Q9J%7C363acff80f4bb537d96e7be72241ecbc7e06b076%7Clin

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

screenshot-1.png
81 kB
18/Jun/2015 10:10 PM

Activity

People

Assignee:: Oswaldo Hernandez (Inactive)

Reporter:: pfomin@visa.com

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 18/Jun/2015 10:07 PM

Updated:: 05/Dec/2019 1:30 AM

Resolved:: 29/Jul/2015 9:22 AM